Authentication provider Vasco has announced a package designed to ease the security concerns of IT managers, when deploying Software as a Service (SaaS) within the enterprise.

The company says that when its Identikey Server 3.0 is used in conjunction with a Digipass authenticator, a dynamic one-time password replaces the static password offered by default by a SaaS application. This, says Vasco, means that confidential login credentials are no longer transmitted over the internet and are no longer susceptible to phishing attacks.

There is little doubt that SaaS is becoming an increasingly popular option within the enterprise, but that is not stopping IT departments fretting over its potential security risks, as well cost and integration issues.

Specifically, the issues that seem to be causing IT management sleepless nights, centre around how to secure Internet-based applications, whether the business' critical information safe in third party hands, and is confidential data only accessible by authorised users?

Vasco claims that Identikey Server 3.0 provides the answer thanks to its strong two-factor authentication. End-users can log on using a dynamic one-time password generated by a hardware or software based Digipass. Once the user has proved his identity, access will be granted to the sensitive information stored in the hosted application.

Vasco says that Identikey Server can be integrated on either the hosted application side, provided through the SaaS vendor; through an integration partner who will offer it as an authentication service to its customers; and on the customer side, allowing the SaaS customer to use it simultaneous for other authentication purposes, such as securing remote access to the corporate network for tele or remote workers.

"SaaS offers users a limited spend on infrastructure and on IT personnel," said Jochem Binst a Vasco spokesman. "But the problem at the moment is that many of the SaaS or hosted applications are still secured by static passwords, which makes it vulnerable to phishing attacks, trojan horse etc."

"We have given people the choice," he said, in response to a question as to whether users would want authentication from their SaaS provider, instead of a third party like Vasco.

"On the one hand we negotiate with vendors who are looking to embed the Vasco solution to fulfil their authentication needs," Binst added. Vendors either typically embed Vasco's core authentication platform, VACMAN Controller in their SaaS offering, but they can also embed Identikey, a full blown authentication server into their offerings.

"Our solution is more ala carte, how and where it is embedded is not a problem for Vasco," he said. "All positions are possible, either at the core of a SaaS or hosted service, or at a customer's premises. The customers and vendors will decide."

Pricing, as would be expected with this type of offering, is dependent on the number of users. However, for 100 users, Identikey will cost $71 (£46.82) per user, whereas for 1,000 users, the price per user will drop to $60 (£39.57).

For larger deployments, the price per user will continue to drop.